From nobody Wed Jan 14 08:06:11 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4drdwg6s3yz6PLCk
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Wed, 14 Jan 2026 08:06:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4drdwg4Nk8z3KLR
	for <dev-commits-src-all@FreeBSD.org>; Wed, 14 Jan 2026 08:06:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1768377971;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hDYaWBXtqLvVrTx3PZKGfRxXu4sxvStKvqZTRkxJYDk=;
	b=UC03YT/N+B0i46A47tGw2067pq0mS7n9GTTG7gGQGdbvZWnQF9IdGqZbxC3oTL43XQh6In
	aGdS0nNllc07yt94AtPgKNO9+ZnyuWoJypRbqQcZ4+/bm3DT9/q2dDT1Wmg3TajZ2+ZQON
	LSYOxj5yFvjGuXiRtuzOX+IC98xwXr2E5W3WfPTxk4DKcleLFcUvoyG5kgsgKCtHI6r8gL
	IMVVo6kpe30vVUTUtVZJaI4i9G1xTSneQDo3Hk9qsPgY0nK8+RYcvR/lDeCZtM6xWGfs8Q
	kiniqBKlxwkMjRp3uZpYd/YejJiZ9uw+Y4J8Ju+NqG5QlmvGoYXl4OlzznYAXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1768377971;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hDYaWBXtqLvVrTx3PZKGfRxXu4sxvStKvqZTRkxJYDk=;
	b=LGsxdDwljqYJdI922t072Kr9JOugEstIvRf9zrr3cTkFVLeN0uzXWhGD0mic3j/fHVgSF9
	YjG5qYXATEmraT7hZCijtOyW0ML+47lnNyQhzuh7TZT5m4P4bPll6+bt7neLzdIAPwlGWU
	t4+ZqBOEbn2XZ9pFq7WoCjVW3rf+H4DKmb2GYn8sD6bxZ0IjqRj7DyEkCwjZ4utbin08va
	RsaRy84rZQ7Zt2XlzvrplTa+9TGrN/vgRX+2nlnY3r9APFaWsEWXkClnDTXkmyrZxtqmJ+
	0OXFm87DoVha2KsI0z9/acD3ZE1jQXFsX/PDalQpS9v800jaQUNxbOtGn7ID0Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1768377971; a=rsa-sha256; cv=none;
	b=JslLVUMcFPzQzMnNzqhNE1eb7IlTnk7dGycXmgTn8lMHjMWb5m+bAnk37bcLnWCRqza/WQ
	KDT4wd2h67yKlbr77et6VuR9bWcvrwsvTZ1rXBxr7W40aOicIsL0wWRZpLcMuv5TfbJMsE
	FNvLD01HCqS+mlcentdpc/y/XXld6d2TPs7niytqUzjj4doFn1ItIbZkkez1Gwqy/B++qg
	3H6Xgt4AMSmYe2CSc6pf94ffCJSnb1xRe08skLStqexeZ2cDgYq4rJDwrGSb34lFwvsKBD
	gmjhmxoKkEF48LYuBj7rmunpJo0FiMBFZ1Qv74kKnYPOoqTMjQy0pRVPOb60Ug==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4drdwg3ttXzqbW
	for <dev-commits-src-all@FreeBSD.org>; Wed, 14 Jan 2026 08:06:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id b5c8
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 14 Jan 2026 08:06:11 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 95ee802f410f - main - pf: state/source limiter finishing touches
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 95ee802f410f9b8afec2c3e66e524ec8ca861dae
Auto-Submitted: auto-generated
Date: Wed, 14 Jan 2026 08:06:11 +0000
Message-Id: <69674e73.b5c8.353515db@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=95ee802f410f9b8afec2c3e66e524ec8ca861dae

commit 95ee802f410f9b8afec2c3e66e524ec8ca861dae
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-01-12 16:04:24 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-01-14 06:44:42 +0000

    pf: state/source limiter finishing touches
    
    Those finishing touches were supposed to land
    with source/state limiter changes. I failed to
    spot them during code review.
    
    OK dlg@
    
    Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, 098c19176b
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 53 ++++++++++++++++++++++-------------------------
 1 file changed, 25 insertions(+), 28 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index f6040e2f03a8..ddca4fae940b 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1632,6 +1632,7 @@ pf_statelim_add(const struct pfioc_statelim *ioc)
 		return (EINVAL);
 
 	namelen = strnlen(ioc->name, sizeof(ioc->name));
+	/* is the name from userland nul terminated? */
 	if (namelen == sizeof(ioc->name))
 		return (EINVAL);
 
@@ -1640,7 +1641,11 @@ pf_statelim_add(const struct pfioc_statelim *ioc)
 		return (ENOMEM);
 
 	pfstlim->pfstlim_id = ioc->id;
-	memcpy(pfstlim->pfstlim_nm, ioc->name, namelen);
+	if (strlcpy(pfstlim->pfstlim_nm, ioc->name,
+	    sizeof(pfstlim->pfstlim_nm)) >= sizeof(pfstlim->pfstlim_nm)) {
+		error = EINVAL;
+		goto free;
+	}
 	pfstlim->pfstlim_limit = ioc->limit;
 	pfstlim->pfstlim_rate.limit = ioc->rate.limit;
 	pfstlim->pfstlim_rate.seconds = ioc->rate.seconds;
@@ -1690,7 +1695,7 @@ pf_statelim_add(const struct pfioc_statelim *ioc)
 unlock:
 	PF_RULES_WUNLOCK();
 
-	/* free: */
+free:
 	free(pfstlim, M_PF_STATE_LIM);
 
 	return (error);
@@ -1845,7 +1850,7 @@ pf_sourcelim_check(void)
 			continue;
 
 		if (strcmp(npfsrlim->pfsrlim_overload.name,
-			pfsrlim->pfsrlim_overload.name) != 0)
+		    pfsrlim->pfsrlim_overload.name) != 0)
 			return (EBUSY);
 
 		/*
@@ -1995,7 +2000,7 @@ pf_statelim_rb_nfind(struct pf_statelim_id_tree *tree, struct pf_statelim *key)
 int
 pf_statelim_get(struct pfioc_statelim *ioc,
     struct pf_statelim *(*rbt_op)(struct pf_statelim_id_tree *,
-     struct pf_statelim *))
+    struct pf_statelim *))
 {
 	struct pf_statelim key = { .pfstlim_id = ioc->id };
 	struct pf_statelim *pfstlim;
@@ -2056,24 +2061,19 @@ pf_sourcelim_add(const struct pfioc_sourcelim *ioc)
 		return (EINVAL);
 
 	namelen = strnlen(ioc->name, sizeof(ioc->name));
+	/* is the name from userland nul terminated? */
 	if (namelen == sizeof(ioc->name))
 		return (EINVAL);
 
 	tablelen = strnlen(ioc->overload_tblname,
 	    sizeof(ioc->overload_tblname));
+	/* is the name from userland nul terminated? */
 	if (tablelen == sizeof(ioc->overload_tblname))
 		return (EINVAL);
 	if (tablelen != 0) {
 		if (ioc->overload_hwm == 0)
 			return (EINVAL);
 
-		/*
-		 * this is stupid, but not harmful?
-		 *
-		 * if (ioc->states < ioc->overload_hwm)
-		 *      return (EINVAL);
-		 */
-
 		if (ioc->overload_hwm < ioc->overload_lwm)
 			return (EINVAL);
 	}
@@ -2089,10 +2089,19 @@ pf_sourcelim_add(const struct pfioc_sourcelim *ioc)
 	pfsrlim->pfsrlim_ipv6_prefix = ioc->inet6_prefix;
 	pfsrlim->pfsrlim_rate.limit = ioc->rate.limit;
 	pfsrlim->pfsrlim_rate.seconds = ioc->rate.seconds;
-	memcpy(pfsrlim->pfsrlim_overload.name, ioc->overload_tblname, tablelen);
+	if (strlcpy(pfsrlim->pfsrlim_overload.name, ioc->overload_tblname,
+	    sizeof(pfsrlim->pfsrlim_overload.name)) >=
+	    sizeof(pfsrlim->pfsrlim_overload.name)) {
+		error = EINVAL;
+		goto free;
+	}
 	pfsrlim->pfsrlim_overload.hwm = ioc->overload_hwm;
 	pfsrlim->pfsrlim_overload.lwm = ioc->overload_lwm;
-	memcpy(pfsrlim->pfsrlim_nm, ioc->name, namelen);
+	if (strlcpy(pfsrlim->pfsrlim_nm, ioc->name,
+	    sizeof(pfsrlim->pfsrlim_nm)) >= sizeof(pfsrlim->pfsrlim_nm)) {
+		error = EINVAL;
+		goto free;
+	}
 
 	if (pfsrlim->pfsrlim_rate.limit) {
 		uint64_t bucket = pfsrlim->pfsrlim_rate.seconds * 1000000000ULL;
@@ -2161,7 +2170,8 @@ pf_sourcelim_add(const struct pfioc_sourcelim *ioc)
 
 unlock:
 	PF_RULES_WUNLOCK();
-	/* free: */
+
+free:
 	free(pfsrlim, M_PF_SOURCE_LIM);
 
 	return (error);
@@ -2206,7 +2216,7 @@ pf_sourcelim_rb_nfind(struct pf_sourcelim_id_tree *tree,
 int
 pf_sourcelim_get(struct pfioc_sourcelim *ioc,
     struct pf_sourcelim *(*rbt_op)(struct pf_sourcelim_id_tree *,
-     struct pf_sourcelim *))
+    struct pf_sourcelim *))
 {
 	struct pf_sourcelim key = { .pfsrlim_id = ioc->id };
 	struct pf_sourcelim *pfsrlim;
@@ -2214,12 +2224,6 @@ pf_sourcelim_get(struct pfioc_sourcelim *ioc,
 	PF_RULES_RLOCK_TRACKER;
 
 	PF_RULES_RLOCK();
-#if 0
-       if (ioc->ticket != pf_main_ruleset.rules.active.ticket) {
-               error = EBUSY;
-               goto unlock;
-       }
-#endif
 
 	pfsrlim = (*rbt_op)(&V_pf_sourcelim_id_tree_active, &key);
 	if (pfsrlim == NULL) {
@@ -2305,13 +2309,6 @@ pf_source_clr(struct pfioc_source_kill *ioc)
 
 	PF_RULES_WLOCK();
 
-#if 0
-	if (ioc->ticket != pf_main_ruleset.rules.active.ticket) {
-		error = EBUSY;
-		goto unlock;
-	}
-#endif
-
 	pfsrlim = pf_sourcelim_rb_find(&V_pf_sourcelim_id_tree_active, &plkey);
 	if (pfsrlim == NULL) {
 		error = ESRCH;